The mobile era brings with it exciting possibilities to contextualize computations. Notable examples include location-based services, contextual recommendation and advertising systems, and social features. Along with these opportunities, however, various threats to a user's integrity and privacy may be present. These threats include unauthorized access to, and release of, sensitive user information such as the user's current location or device identifier (ID). Likewise, malicious sending of premium short messaging service (SMS) messages on behalf of the user may occur. Phishing functionality may be cleverly disguised as a legitimate gaming, finance, or other application. Indeed, studies on malware and privacy threats have shown that many mobile applications defeat user expectations in terms of actions that these applications perform, as well as the manner in which these applications utilize user data. These threats certainly impact end users, but a much greater risk is posed to enterprises that support Bring Your Own Device (BYOD) solutions.
Offline analysis and online enforcement are two primary approaches that have been adopted for mitigating privacy and integrity risks in the context of mobile devices. Offline analysis, in the form of dynamic testing or static verification, is configured to detect potential threats before an application is installed on a user's mobile device. As such, offline analysis constitutes the backbone of a vetting process, or—if conducted during application development—a remediation process. Offline analysis has two main disadvantages. First, offline analysis is unable to detect per-device, per-user or per-configuration threats. As an example, a given malware application may perform dynamic code loading and execution only if running on a specific model of mobile device. This is actually a common strategy for evading debugging and analysis tools. A second disadvantage is that offline analysis cannot account for interactions between multiple applications installed on the same mobile device, as it is a user-agnostic (or user-insensitive) approach. Thus, if multiple applications could collude to achieve an attack vector when all of these applications are installed on the same mobile device, this situation would remain undetected using the offline analysis approach.
An alternative to offline analysis is online enforcement. Pursuant to online enforcement, analysis is replaced by runtime monitors and/or code-level hooking mechanisms configured for detecting potential attacks in real time. This functionality reduces some of the shortcomings of the offline analysis approach. However, the overhead required by online enforcement procedures may be significant, especially if online enforcement is expected to be accurate rather than conservative. Likewise, online enforcement is typically constrained to application boundaries without any ability to track threats across different mobile applications.